Merge pull request #7678 from Nordix/namespaced-fix
Fix behavior when running with --namespace=<namespace>
commit
dae91eee5b
@ -43,7 +43,6 @@ import (
|
||||
"github.com/cert-manager/cert-manager/internal/controller/feature"
|
||||
"github.com/cert-manager/cert-manager/pkg/acme/accounts"
|
||||
"github.com/cert-manager/cert-manager/pkg/controller"
|
||||
"github.com/cert-manager/cert-manager/pkg/controller/clusterissuers"
|
||||
"github.com/cert-manager/cert-manager/pkg/healthz"
|
||||
dnsutil "github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util"
|
||||
logf "github.com/cert-manager/cert-manager/pkg/logs"
|
||||
@ -108,7 +107,6 @@ func Run(rootCtx context.Context, opts *config.ControllerConfiguration) error {
|
||||
server.WithTLSCipherSuites(opts.MetricsTLSConfig.CipherSuites),
|
||||
server.WithTLSMinVersion(opts.MetricsTLSConfig.MinTLSVersion),
|
||||
)
|
||||
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to listen on prometheus address %s: %v", opts.MetricsListenAddress, err)
|
||||
}
|
||||
@ -226,12 +224,6 @@ func Run(rootCtx context.Context, opts *config.ControllerConfiguration) error {
|
||||
continue
|
||||
}
|
||||
|
||||
// don't run clusterissuers controller if scoped to a single namespace
|
||||
if ctx.Namespace != "" && n == clusterissuers.ControllerName {
|
||||
log.V(logf.InfoLevel).Info("skipping as cert-manager is scoped to a single namespace")
|
||||
continue
|
||||
}
|
||||
|
||||
iface, err := fn(ctxFactory)
|
||||
if err != nil {
|
||||
err = fmt.Errorf("error starting controller: %v", err)
|
||||
|
||||
@ -267,5 +267,12 @@ func EnabledControllers(o *config.ControllerConfiguration) sets.Set[string] {
|
||||
logf.Log.Info("the ValidateCAA feature flag has been removed and is now a no-op")
|
||||
}
|
||||
|
||||
// If running namespaced, remove all cluster-scoped controllers.
|
||||
if o.Namespace != "" {
|
||||
logf.Log.Info("disabling all cluster-scoped controllers as cert-manager is scoped to a single namespace",
|
||||
"controllers", strings.Join(defaults.ClusterScopedControllers, ", "))
|
||||
enabled = enabled.Delete(defaults.ClusterScopedControllers...)
|
||||
}
|
||||
|
||||
return enabled
|
||||
}
|
||||
|
||||
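Review bot: The Info line in the `o.Namespace != ""` branch always prints the whole static `defaults.ClusterScopedControllers` list, so the log cannot show whether a controller the operator explicitly requested was actually dropped from `enabled`. Logging the intersection would make that visible, for example `dropped := sets.List(enabled.Intersection(sets.New(defaults.ClusterScopedControllers...)))` computed before the `Delete` and passed as the `"controllers"` value. EnabledControllers begins outside this hunk, so its doc comment is not visible; it should state that a non-empty namespace overrides the controller selection.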
@ -154,6 +154,15 @@ var (
|
||||
csrvaultcontroller.CSRControllerName,
|
||||
}
|
||||
|
||||
ClusterScopedControllers = []string{
|
||||
clusterissuerscontroller.ControllerName,
|
||||
csracmecontroller.CSRControllerName,
|
||||
csrcacontroller.CSRControllerName,
|
||||
csrselfsignedcontroller.CSRControllerName,
|
||||
csrvenaficontroller.CSRControllerName,
|
||||
csrvaultcontroller.CSRControllerName,
|
||||
}
|
||||
|
||||
// Annotations that will be copied from Certificate to CertificateRequest and to Order.
|
||||
// By default, copy all annotations except for the ones applied by kubectl, fluxcd, argocd.
|
||||
defaultCopiedAnnotationPrefixes = []string{
|
||||
@ -300,7 +309,6 @@ func SetDefaults_ACMEHTTP01Config(obj *v1alpha1.ACMEHTTP01Config) {
|
||||
if len(obj.SolverNameservers) == 0 {
|
||||
obj.SolverNameservers = defaultACMEHTTP01SolverNameservers
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
func SetDefaults_ACMEDNS01Config(obj *v1alpha1.ACMEDNS01Config) {
|
||||
|
||||
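Review bot: The new exported `ClusterScopedControllers` in the `var (` hunk has no doc comment and is maintained by hand; the list directly above it ends with the same `csrvaultcontroller.CSRControllerName`, so the CSR names may now be duplicated (only that list's tail is visible). A controller added later and left out of this slice would still be started in single-namespace mode and would try to watch cluster-scoped resources that a namespace-scoped deployment is normally not granted. I would add a comment such as `// ClusterScopedControllers lists the controllers that watch cluster-scoped resources; they are disabled when cert-manager is scoped to a single namespace.` and, if the list above is exactly the CSR set, build this slice from it rather than repeating the names. The other hunk in this file only drops a blank line.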
@ -34,6 +34,7 @@ import (
|
||||
internalinformers "github.com/cert-manager/cert-manager/internal/informers"
|
||||
apiutil "github.com/cert-manager/cert-manager/pkg/api/util"
|
||||
cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
|
||||
cmlisters "github.com/cert-manager/cert-manager/pkg/client/listers/certmanager/v1"
|
||||
controllerpkg "github.com/cert-manager/cert-manager/pkg/controller"
|
||||
"github.com/cert-manager/cert-manager/pkg/controller/certificaterequests"
|
||||
crutil "github.com/cert-manager/cert-manager/pkg/controller/certificaterequests/util"
|
||||
@ -75,20 +76,29 @@ func init() {
|
||||
func(ctx *controllerpkg.Context, log logr.Logger, queue workqueue.TypedRateLimitingInterface[types.NamespacedName]) ([]cache.InformerSynced, error) {
|
||||
secretInformer := ctx.KubeSharedInformerFactory.Secrets().Informer()
|
||||
certificateRequestLister := ctx.SharedInformerFactory.Certmanager().V1().CertificateRequests().Lister()
|
||||
|
||||
isNamespaced := ctx.Namespace != ""
|
||||
|
||||
mustSync := []cache.InformerSynced{
|
||||
secretInformer.HasSynced,
|
||||
ctx.SharedInformerFactory.Certmanager().V1().Issuers().Informer().HasSynced,
|
||||
}
|
||||
|
||||
var clusterIssuerLister cmlisters.ClusterIssuerLister
|
||||
if !isNamespaced {
|
||||
clusterIssuerLister = ctx.SharedInformerFactory.Certmanager().V1().ClusterIssuers().Lister()
|
||||
mustSync = append(mustSync, ctx.SharedInformerFactory.Certmanager().V1().ClusterIssuers().Informer().HasSynced)
|
||||
}
|
||||
helper := issuer.NewHelper(
|
||||
ctx.SharedInformerFactory.Certmanager().V1().Issuers().Lister(),
|
||||
ctx.SharedInformerFactory.Certmanager().V1().ClusterIssuers().Lister(),
|
||||
clusterIssuerLister,
|
||||
)
|
||||
if _, err := secretInformer.AddEventHandler(&controllerpkg.BlockingEventHandler{
|
||||
WorkFunc: handleSecretReferenceWorkFunc(log, certificateRequestLister, helper, queue),
|
||||
}); err != nil {
|
||||
return nil, fmt.Errorf("error setting up event handler: %v", err)
|
||||
}
|
||||
return []cache.InformerSynced{
|
||||
secretInformer.HasSynced,
|
||||
ctx.SharedInformerFactory.Certmanager().V1().Issuers().Informer().HasSynced,
|
||||
ctx.SharedInformerFactory.Certmanager().V1().ClusterIssuers().Informer().HasSynced,
|
||||
}, nil
|
||||
return mustSync, nil
|
||||
},
|
||||
)).
|
||||
Complete()
|
||||
|
||||
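Review bot: When `isNamespaced` is true, `clusterIssuerLister` stays a nil interface and is passed to `issuer.NewHelper`, so the safety of this hunk rests on the helper, which is not shown here. A CertificateRequest in the watched namespace can still carry an issuer reference of kind ClusterIssuer, and the Secret event handler resolves issuers through this helper; unless the helper checks for a nil lister, that lookup would panic rather than return an error. Please confirm the guard exists and state the contract at the declaration, e.g. `// nil when scoped to a single namespace; issuer.NewHelper must tolerate a nil ClusterIssuer lister`. A test that drives the handler with a nil lister and a ClusterIssuer reference would pin the behaviour. The enclosing `init` registration begins outside the hunk.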